The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. A malicious actor can therefore gain root-level code execution on the host. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.Ībus - secvest_wireless_alarm_system_fuaa50000_firmwareĭue to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.Ī specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. Patch information is provided when available. This information may include identifying information, values, definitions, and related links. Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9Įntries may include additional information provided by organizations and efforts sponsored by US-CERT. Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 The division of high, medium, and low severities correspond to the following scores: The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |